Is it possible to create pkpass in app? I have watched a few wwdc and searched online. It say it require signing and it can't be created in app. Is it correct? If not, is there a way to create in app?
The simple answer is yes, but you probably don't want to. I don't see what would stop you creating and signing a PKPass file in ObjectiveC or Swift.
The reason you wouldn't want to do this is security. When a pass is created, it's manifest is signed with a private key. This ensures that you can trust the vendor and it also provides legal safeguards. If you put were to create the private key into the pass it could be extracted and use to create similar Passes or even replace your own passes.
Related
Trying to figure out if it's possible to share my pass with another app produced by an independent developer team.
As per passkit documentation you have to specify team identifier for the pass which (I'm assuming) limits the scope of accessing pass when using method such as -[PKPassLibrary passesOfType:]
Additionally I found following excerpt in the documentation for [PKPassLibrary passes]:
Your app only has access to certain passes according to its entitlements. PassKit doesn’t return passes that your app can’t access.
What if I want another app to be able to access my pass programatically - is my assumption correct meaning it's not possible to share pass between two apps?
Thanks
I'd like the user to be able to add their own PKPass with their name to Apple Wallet by tapping a button in the app.
I have created the CustomPass.pkpass with the "primaryFields" "label" set to the user's name. Would I update the "label" inside the pass.json before it's added to the Wallet somehow?
I have found very little info about how to do this. Possibly with PKAddPassesViewController?
Is it possible to add the pass to the wallet this way without using a webServiceURL / PassKit API?
After updating pass.json, you need to re-create and sign the pass bundle, as commented above. This is best done using a web service: for in-app signing one would need to distribute the signing keys with the app, which is a security risk.
Apple provides an example for local signing though, the signpass source code in https://developer.apple.com/services-account/download?path=/iOS/Wallet_Support_Materials/WalletCompanionFiles.zip .
i investigate development for Apple Passbook. i've found that if you have something to perform as a pass to your subscribers, you should create special .pkpass files and distribute them variously. But is it possible to create your own passes in iOS application and add them to Passbook? For example, i have barcode, all additional info, so i want application user to configure his own pass.
It's certainly technically possible to develop your own pass creation App, however to create a .pkpass bundle entirely within an App would require you to embed your Pass ID Private Key within the App which presents a huge security risk.
In practice, your App should send the pass data to your web server which should compile the .pkpass bundle and transfer the bundle back to your App to add to Passbook.
The Apple Pass Kit Framework reference gives you everything you need to accept a pass from your web server that contains info that your user has provided to your App.
I am trying to find a way to generate a pass for passkit on the device its self after it received the information to put in a pass over the network.
Does anyone know if this can be done / how to do this?
Refer to: https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/PassKit_PG/YourFirst.html#//apple_ref/doc/uid/TP40012195-CH2-SW1
Basically: Not easily (if at all), you need to be able to sign your pass using signpass, a command line utility in order to make it readable by devices. This will cause a lot of hassle and distress, as you can't run another process on iOS, and to convert the signpass code to run on the device might not be possible either.
What I would suggest is to sign your pass on the server/wherever the data is coming from, and send both the information and the generated .pkpass to the device. This is how it was designed, and how it should be used. Read the docs for more information, they're very clear.
Actually, Apple have stated the security problems when signing passes in iOS. This is because the certificates needs to be packaged with the app. And you don't want to expose certificates to users like that.
Just like WDUK suggests, implement a simple pass signing and distribution server that your app can request passes from. This is also very helpful when you want to update passes added to devices.
I'm sure you can find a server implementation that fits your needs on GitHub.
Not exactly a programming question but here it goes:
How can a company who is distributing passbook passes via email or web prevent a pass from being installed on more than one device?
I can not find anything about this on Apple docs. The only I can think of is to check on the device registration webservice whether the combination of pass type and serial has a device already registered and delete it , but I am not aware of any command to delete the pass remotely.
Another option would be to check if it is already registered prior to generating the pass but this would only work for URL distribution, not for email.
Is there any way to delete a pass remotely via push notification + update? Any ideas on how to solve this issue?
Mail and Mobile Safari will present any pass they are given and the user can decide to add them to their Passbook. There is nothing the pass creator can do to prevent it except to be careful about how the .pkpass files get handed around.
If you really only want to deliver a specific pass to a specific device you might consider a companion app that uses a custom API to communicate with the the backend and request the pass for that device that way. Then you have much more control than distribution via email or url links.
Apple frowns on trying to delete a pass programmatically; only users are supposed to delete passes because they added them. You can, however, update a pass to make it clear that is not valid and should be deleted. For example you can remove the bar code, if any, and use a background image with a big red "INVALID" on it.
Just to extend #ohmi's answer:
You cannot prevent passes from being installed on more than one
device - e.g. if user enables iCloud for Passbook, the passes will get
synced automatically across devices.
Considering your links to pkpasses are public, you may want to consider
introducing one-time download links, but while it can fill your
needs just fine, users can be really disappointed if it's impossible to re-add
passes that they manually deleted. So I wouldn't recommend such solution.
You can make you pkpass links kind of private, so only GET request originating from your application and carrying a specific value for specific header field (e.g. auth_token), will receive a pkpass file, however this way you almost disable pass distribution via email or via sharing URLs to passes and make pass updating probably impossible.